Lucene search
K

587 matches found

Chainguard
Chainguard
added 5 days ago6 views

GHSA-W9WP-H8WV-79JX vulnerabilities

Vulnerabilities for packages: deno, parseable...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago6 views

CVE-2026-48504 vulnerabilities

Vulnerabilities for packages: deno, parseable...

6.1AI score0.00096EPSS
Exploits0
Wolfi
Wolfi
added 5 days ago10 views

GHSA-W9WP-H8WV-79JX vulnerabilities

Vulnerabilities for packages: deno, parseable...

6.1AI score
Exploits0
Wolfi
Wolfi
added 5 days ago10 views

CVE-2026-48504 vulnerabilities

Vulnerabilities for packages: deno, parseable...

6.1AI score0.00096EPSS
Exploits0
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-55517

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-WebSocket-Protocol and Sec-WebSocket-Extensions response...

4.3CVSS0.00183EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-49983

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot...

5.2CVSS0.00098EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.11 views

CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

5.2CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-49859

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-49406

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

5.5CVSS0.00135EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.11 views

CVE-2026-49411

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address fo...

6.5CVSS0.00111EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-49440

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrimecandidate, options, callback and crypto.checkPrimeSynccandidate, options ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied ...

7.4CVSS0.00149EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-49401

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

8.4CVSS0.00144EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-49402

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e...

8.1CVSS0.00283EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:17 p.m.8 views

CVE-2026-44726

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt...

9.1CVSS0.00142EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 5:24 p.m.34 views

CVE-2026-55517 Deno: Denial of service via non-ASCII bytes in WebSocket response headers

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-WebSocket-Protocol and Sec-WebSocket-Extensions response...

4.3CVSS0.00183EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 5:24 p.m.24 views

CVE-2026-55517

CVE-2026-55517 affects Deno prior to 2.7.5, where a client WebSocket handshake could crash the process if the server returned non-ASCII bytes in Sec-WebSocket-Protocol or Sec-WebSocket-Extensions headers. The root cause is parsing those headers as ASCII strings, triggering a panic when non-printa...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/23 5:24 p.m.5 views

CVE-2026-44726 Deno: TLS retry copies stale upgrade hook, risking plaintext traffic

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt...

7.4CVSS5.9AI score0.00142EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 5:24 p.m.16 views

CVE-2026-44726

Summary: CVE-2026-44726 affects Deno up to 2.7.7, where a flaw in Deno’s Node.js TLS compatibility layer can cause plaintext data to be sent after a connection retry when autoSelectFamily is enabled. The root cause is that the socket reinitialization path reuses a stale TLS upgrade hook tied to t...

9.1CVSS5.9AI score0.00142EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 5:24 p.m.42 views

CVE-2026-44726 Deno: TLS retry copies stale upgrade hook, risking plaintext traffic

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt...

7.4CVSS0.00142EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 5:22 p.m.42 views

CVE-2026-49401 Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

7.3CVSS0.00144EPSS
Exploits1References1
Rows per page
Query Builder